Tripwire's April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft.
First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Next on the patch priority list this month are patches for Microsoft Excel, Office, Word, and Outlook. These patches resolve 6 issues including remote code execution, memory corruption, and information disclosure vulnerabilities.
Next are patches that affect components of the Windows operating systems. These patches resolve over 60 vulnerabilities, including elevation of privilege, information disclosure, remote code execution, security feature bypass, denial of service, and memory corruption vulnerabilities. These vulnerabilities affect core Windows, Kernel, Remote Procedure Call, Speech Runtime, TCP/IP Driver, Early Launch Antimalware Driver, WLAN AutoConfig, Console Driver, Media, Diagnostics Hub, Overlay Filter, GDI+, Windows Installer, NTFS, and others.
Up next are patches for Hyper-V that resolve denial of service, elevation of privilege, information disclosure, and security feature bypass vulnerabilities.
Lastly, administrators should focus on server-side patches for Microsoft, which resolve issues in Microsoft SharePoint, Exchange, SMB, and DNS. These patches resolve several issues including remote code execution, information disclosure, and denial of service.
| BULLETIN | CVE |
|---|---|
| Exploit Framework - Metasploit | CVE-2021-21220, CVE-2020-16040 |
| Microsoft Office | CVE-2021-28453, CVE-2021-28452, CVE-2021-28456, CVE-2021-28451, CVE-2021-28454, CVE-2021-28449 |
| Windows I | CVE-2021-27072, CVE-2021-28310, CVE-2021-27096, CVE-2021-28312, CVE-2021-28320, CVE-2021-28440, CVE-2021-26415, CVE-2021-28437, CVE-2021-26413, CVE-2021-27086, CVE-2021-28445, CVE-2021-28317, CVE-2021-27079, CVE-2021-28311, CVE-2021-28318, CVE-2021-28350, CVE-2021-28348, CVE-2021-28349, CVE-2021-27088, CVE-2021-28435, CVE-2021-28309, CVE-2021-27093, CVE-2021-27094, CVE-2021-28357, CVE-2021-28356, CVE-2021-28355, CVE-2021-28354, CVE-2021-28329, CVE-2021-28353, CVE-2021-28352, CVE-2021-28358, CVE-2021-28327, CVE-2021-28331, CVE-2021-28330, CVE-2021-28333, CVE-2021-28332, CVE-2021-28335, CVE-2021-28338, CVE-2021-28334, CVE-2021-28337, CVE-2021-28336, CVE-2021-28339, CVE-2021-28434, CVE-2021-28340 |
| Windows II | CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28315, CVE-2021-27095, CVE-2021-28316, CVE-2021-28443, CVE-2021-28438, CVE-2021-27089, CVE-2021-27091, CVE-2021-28326, CVE-2021-28322, CVE-2021-28321, CVE-2021-28313, CVE-2021-28446, CVE-2021-26417, CVE-2021-27090, CVE-2021-28351, CVE-2021-28436, CVE-2021-28347, CVE-2021-28439, CVE-2021-28319, CVE-2021-28442, CVE-2021-28447 |
| Microsoft Hyper-V | CVE-2021-26416, CVE-2021-28314, CVE-2021-28441, CVE-2021-28444 |
| Microsoft Exchange Server | CVE-2021-28483, CVE-2021-28482, CVE-2021-28481, CVE-2021-28480 |
| Microsoft Windows DNS | CVE-2021-28323, CVE-2021-28328 |
| Windows SMB Server | CVE-2021-28324, CVE-2021-28325 |
| Microsoft Office SharePoint | CVE-2021-28450 |
